On 16/06/2017 2:31 PM, Timothy Sipples wrote:
> If you'd like an introduction to how this all works, this one is fairly
> good, although it's slightly dated (written/recorded about 6 years ago):
> https://www.ibm.com/support/docview.wss?uid=swg27028558

That still doesn't really help me. I'm trying to understand how AT-TLS
guards against MITM for client connections.

E.g. let's say I had a Cobol job that sent email. I now want to connect
to Gmail which uses TLS. Can I plug in AT-TLS without changing the job?
How is the server certificate validated?

Any answer that requires enumerating all possible Gmail IP addresses or
all possible Gmail certificates is impractical. The normal answer is
that the name in the certificate is compared to the name you tried to
connect to, but it is not clear that AT-TLS has that information at that
point.

(I'm not actually setting this up, just trying to understand AT-TLS as a
suggested solution. I chose Gmail as an example because they have caused
me difficulties in the past by returning different certificates from
different IP addresses.)

--
Andrew Rowley
Black Hill Software
+61 413 302 386
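
The name check the message above calls the normal answer, as an added example that is not part of the original post and does not describe how AT-TLS itself validates certificates. It covers only the name comparison (not chain validation), takes certificates in the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`, and all host names, addresses and certificates in it are constructed.

```python
import ipaddress

def dns_match(pattern, host):
    """Compare one dNSName from the certificate with the intended host name.
    A wildcard is honoured only as the entire left-most label (RFC 6125)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # "*" stands for exactly one label; refuse "*.tld"-style patterns
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_matches(cert, reference):
    """reference is what the client meant to reach: a host name or an IP literal.
    cert uses the dict layout returned by ssl.SSLSocket.getpeercert()."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(reference)
    except ValueError:
        return any(k == "DNS" and dns_match(v, reference) for k, v in sans)
    # Only an address is known: DNS entries cannot be used, only iPAddress SANs
    return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)

# Constructed sample data: one service name served from two addresses,
# each presenting a different certificate, plus an unrelated valid certificate.
SERVERS = {
    "192.0.2.10": {"subjectAltName": (("DNS", "smtp.mail.example"),)},
    "198.51.100.20": {"subjectAltName": (("DNS", "*.mail.example"),
                                         ("DNS", "mail.example"))},
}
UNRELATED = {"subjectAltName": (("DNS", "smtp.other.example"),)}

def results(name="smtp.mail.example"):
    by_name = {addr: cert_matches(c, name) for addr, c in SERVERS.items()}
    by_addr = {addr: cert_matches(c, addr) for addr, c in SERVERS.items()}
    return by_name, by_addr, cert_matches(UNRELATED, name)

if __name__ == "__main__":
    by_name, by_addr, unrelated = results()
    print("checked against the name:", by_name)      # both certificates accepted
    print("checked against the address:", by_addr)   # neither can be matched
    print("unrelated certificate:", unrelated)       # rejected
```

Checked against the intended name, both differing certificates pass and the unrelated one fails, with no list of addresses or certificates needed; checked against only the address, neither certificate can be tied to the service.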